From: Denis Vlasenko <vda@port.imtp.ilyichevsk.odessa.ua>
To: Pavel Machek <pavel@ucw.cz>, Stas Sergeev <stsp@aknet.ru>
Subject: Re: ESP corruption bug - what CPUs are affected?
Date: Tue, 21 Sep 2004 14:43:37 +0300
User-Agent: KMail/1.5.4
Cc: linux-kernel@vger.kernel.org
References: <4149D243.5050501@aknet.ru> <414C14CD.7030200@aknet.ru> <20040921111900.GA7515@elf.ucw.cz>
In-Reply-To: <20040921111900.GA7515@elf.ucw.cz>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="koi8-r"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200409211443.37854.vda@port.imtp.ilyichevsk.odessa.ua>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1041
Lines: 32

On Tuesday 21 September 2004 14:19, Pavel Machek wrote:
> Hi!
> 
> > >for subsequent push/pop/call/ret operations.
> > >But if code uses full ESP, thinking that upper 16 bits are zero,
> > >it will crash badly. Correct me if I'm wrong.
> >
> > That's correct. But you should note that the
> > program not just "thinks" that the upper 16 bits
> > are zero. It writes zero there itself, and a few
> > instructions later - oops, it is no longer zero...
> 
> Hmm, perhaps this can also be viewed as a "information leak"? Program
> running under dosemu is not expected to know high bits of kernel
> %esp...

Yes.

I must admit that Stas was right and I was wrong.
This is a 386 CPU bug.

Since then it seems to be codified in i86 architecture
and duplicated in all successors.
Incredible... :(
--
vda

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/